From 0e2a0b25d35b268a942479056828d573dc44ec31 Mon Sep 17 00:00:00 2001 From: Graham Leggett Date: Mon, 13 Jun 2016 23:13:53 +0000 Subject: [PATCH] mod_cache: Fix (max-stale with no '=') and enforce (check integers after '=') Cache-Control header parsing. Submitted by: jailletc36 Reviewed by: jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1748330 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ STATUS | 5 ----- modules/cache/cache_util.c | 35 +++++++++++++++++++++++++---------- 3 files changed, 29 insertions(+), 15 deletions(-) diff --git a/CHANGES b/CHANGES index ffa442d132..1250c794b6 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.4.21 + *) mod_cache: Fix (max-stale with no '=') and enforce (check + integers after '=') Cache-Control header parsing. + [Christophe Jaillet] + *) core: Add -DDUMP_INCLUDES configtest option to show the tree of Included configuration files. [Jacob Champion ] diff --git a/STATUS b/STATUS index 162c2282f4..f5c0f9fa87 100644 --- a/STATUS +++ b/STATUS @@ -114,11 +114,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_cache: Fix (max-stale with no '=') and enforce (check integers after '=') - Cache-Control header parsing. - trunk patch: http://svn.apache.org/r1715886 - 2.4.x: trunk works - +1: jailletc36, jim, minfrin PATCHES PROPOSED TO BACKPORT FROM TRUNK: diff --git a/modules/cache/cache_util.c b/modules/cache/cache_util.c index 070a5f0d4c..1d65d3f7f8 100644 --- a/modules/cache/cache_util.c +++ b/modules/cache/cache_util.c @@ -576,7 +576,12 @@ int cache_check_freshness(cache_handle_t *h, cache_request_rec *cache, } if ((agestr = apr_table_get(h->resp_hdrs, "Age"))) { - age_c = apr_atoi64(agestr); + char *endp; + apr_off_t offt; + if (!apr_strtoff(&offt, agestr, &endp, 10) + && endp > agestr && !*endp) { + age_c = offt; + } } /* calculate age of object */ @@ -990,6 +995,8 @@ int ap_cache_control(request_rec *r, cache_control_t *cc, } if (cc_header) { + char *endp; + apr_off_t offt; char *header = apr_pstrdup(r->pool, cc_header); const char *token = cache_strqtok(header, CACHE_SEPARATOR, &last); while (token) { @@ -1033,27 +1040,33 @@ int ap_cache_control(request_rec *r, cache_control_t *cc, } /* ...then try slowest cases */ else if (!strncasecmp(token, "max-age", 7)) { - if (token[7] == '=') { + if (token[7] == '=' + && !apr_strtoff(&offt, token + 8, &endp, 10) + && endp > token + 8 && !*endp) { cc->max_age = 1; - cc->max_age_value = apr_atoi64(token + 8); + cc->max_age_value = offt; } break; } else if (!strncasecmp(token, "max-stale", 9)) { - if (token[9] == '=') { + if (token[9] == '=' + && !apr_strtoff(&offt, token + 10, &endp, 10) + && endp > token + 10 && !*endp) { cc->max_stale = 1; - cc->max_stale_value = apr_atoi64(token + 10); + cc->max_stale_value = offt; } - else if (!token[10]) { + else if (!token[9]) { cc->max_stale = 1; cc->max_stale_value = -1; } break; } else if (!strncasecmp(token, "min-fresh", 9)) { - if (token[9] == '=') { + if (token[9] == '=' + && !apr_strtoff(&offt, token + 10, &endp, 10) + && endp > token + 10 && !*endp) { cc->min_fresh = 1; - cc->min_fresh_value = apr_atoi64(token + 10); + cc->min_fresh_value = offt; } break; } @@ -1096,9 +1109,11 @@ int ap_cache_control(request_rec *r, cache_control_t *cc, case 's': case 'S': { if (!strncasecmp(token, "s-maxage", 8)) { - if (token[8] == '=') { + if (token[8] == '=' + && !apr_strtoff(&offt, token + 9, &endp, 10) + && endp > token + 9 && !*endp) { cc->s_maxage = 1; - cc->s_maxage_value = apr_atoi64(token + 9); + cc->s_maxage_value = offt; } break; } -- 2.40.0